Siteminder Webagent and CORS

book

Article ID: 197220

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running a Web Agent, and we'd like to know how to integrate it
to use the CORS headers as we've seen in Siteminder OIDC documentation section :

  Cross-Origin Resource Sharing (CORS) Support for OIDC Endpoints
  https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/configuring/use-ca-single-sign-on-as-openid-connect-provider/cross-origin-resource-sharing-cors-support-for-oidc-endpoints.html

Is there any support outside OIDC journey in the Web Agent ?

 

Environment

 

Web Agent 12.52SP1CR09 on Apache 2.4 on RedHat 6

 

Resolution

 

At first glance, Web Agent doesn't support CORS header outside OIDC
journey.

An Idea has been submitted in the past, and it seems that you still
can configure the Web Server to handle these CORS headers :

  CORS on CA SPS Federation Gateway
  https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?MessageKey=d03113c4-4ae7-4799-96ce-00741b574545&CommunityKey=f9d65308-ca9b-48b7-915c-7e9cb8fc3295&tab=digestviewer#bmd03113c4-4ae7-4799-96ce-00741b574545

  Ability to add HSTS and CORS headers to .fcc pages
  https://community.broadcom.com/participate/ideation-home/viewidea?IdeationKey=9188ae6b-a8ed-43f5-b7a6-6f647c9a8616

The CORSConfiguration is implemented in CA Access Gateway (SPS) as
described in the same page :

  CORS Configuration in Administrative UI

    SiteMinder supports CORS using a new ACO parameter named
    CORSConfiguration in SPSDefaultSettings ACO template. The default
    template with new ACO parameter is shipped with Policy Server
    12.8.03.

    Note: The feature is supported only with Release 12.8.03 or higher
    Policy Server and Access Gateway.

  https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/configuring/use-ca-single-sign-on-as-openid-connect-provider/cross-origin-resource-sharing-cors-support-for-oidc-endpoints.html

In order to get this parameter to be added to Web Agent 12.52SP1, we
invite you to submit an Enhancement Request (Idea) :

  1. Go to the "All Ideas" page :
     https://community.broadcom.com/ideation/allideas
  2. Click on the "Add" button.
  3. In the "Select categories...", select "Layer7 Access Management".
  4. Write a title in the "title" box.
  5. Write a complete description of the Enahcement Request or
     Certification you'd like to post.
  6. Click on "Save" to get the Idea submitted !